Description
An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS:

* 8.0.X
* 2023.X
* 2024.X
* 2025.X
* 2026.X before 2026.4.X

Please note that ((OTRS)) Community Edition 6.x, OTRS 7.x and products based on the ((OTRS)) Community Edition also very likely to be affected
Published: 2026-06-01
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An uncontrolled allocation of resources occurs during e‑mail handling in OTRS, allowing an attacker to trigger excessive resource consumption that can cause the webserver to abort. This results in a denial of service to all users of the affected OTRS instance. The weakness is a resource‑management flaw (CWE‑400) and a potential exhaustion of allocation limits (CWE‑770).

Affected Systems

The vulnerability affects OTRS versions 8.0.X, 2023.X, 2024.X, 2025.X, and 2026.X before 2026.4.X. It is also very likely to impact OTRS Community Edition 6.x, OTRS 7.x, and any products derived from the Community Edition.

Risk and Exploitability

The CVSS score of 5.7 indicates moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. An attacker may trigger the DoS by sending specially crafted e‑mail messages to the OTRS instance, exploiting the lack of resource limits.

Generated by OpenCVE AI on June 1, 2026 at 06:23 UTC.

Remediation

Vendor Solution

Update to OTRS 2026.4.1. or later. Please note that there will be no OTRS 7 patches

OpenCVE Recommended Actions

  • Upgrade OTRS to version 2026.4.1 or later
  • Temporarily block or limit inbound email sources that send large volumes until the patch is applied
  • Implement rate‑limiting or firewall rules on the OTRS mail handling service to reduce the impact of excessive email processing

Generated by OpenCVE AI on June 1, 2026 at 06:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 13:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Otrs
Otrs otrs
Otrs otrs Community Edition
Vendors & Products Otrs
Otrs otrs
Otrs otrs Community Edition

Mon, 01 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 04:00:00 +0000

Type Values Removed Values Added
Description An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS: * 8.0.X * 2023.X * 2024.X * 2025.X * 2026.X before 2026.4.X Please note that ((OTRS)) Community Edition 6.x, OTRS 7.x and products based on the ((OTRS)) Community Edition also very likely to be affected
Title Email with special content can lead to DoS
Weaknesses CWE-400
CWE-770
References
Metrics cvssV3_1

{'score': 5.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Otrs Otrs Otrs Community Edition
cve-icon MITRE

Status: PUBLISHED

Assigner: OTRS

Published:

Updated: 2026-06-01T13:17:04.742Z

Reserved: 2026-05-21T07:53:13.253Z

Link: CVE-2026-48187

cve-icon Vulnrichment

Updated: 2026-06-01T13:16:59.209Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-01T04:16:22.410

Modified: 2026-06-15T12:46:17.540

Link: CVE-2026-48187

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T20:30:16Z

Weaknesses
  • CWE-400

    Uncontrolled Resource Consumption

  • CWE-770

    Allocation of Resources Without Limits or Throttling